
CVE-2023-53077 – drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes
https://notcve.org/view.php?id=CVE-2023-53077
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes [WHY] When PTEBufferSizeInRequests is zero, UBSAN reports the following warning because dml_log2 returns an unexpected negative value: shift exponent 4294966273 is too large for 32-bit type 'int' [HOW] In the case PTEBufferSizeInRequests is zero, skip the dml_log2() and assign the result directly. • https://git.kernel.org/stable/c/7257070be70e19a9138f39009c1a26c83a8a7cfa •

CVE-2023-53075 – ftrace: Fix invalid address access in lookup_rec() when index is 0
https://notcve.org/view.php?id=CVE-2023-53075
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix invalid address access in lookup_rec() when index is 0 KASAN reported the following problem: BUG: KASAN: use-after-free in lookup_rec Read of size 8 at addr ffff000199270ff0 by task modprobe CPU: 2 Comm: modprobe Call trace: kasan_report __asan_load8 lookup_rec ftrace_location arch_check_ftrace_location check_kprobe_address_safe register_kprobe When checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a pg which is newly ... • https://git.kernel.org/stable/c/9644302e3315e7e36495d230d5ac7125a316d33e •

CVE-2023-53074 – drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini
https://notcve.org/view.php?id=CVE-2023-53074
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini The call trace occurs when the amdgpu is removed after the mode1 reset. During mode1 reset, from suspend to resume, there is no need to reinitialize the ta firmware buffer which caused the bo pin_count increase redundantly. [ 489.885525] Call Trace: [ 489.885525]

CVE-2023-53067 – LoongArch: Only call get_timer_irq() once in constant_clockevent_init()
https://notcve.org/view.php?id=CVE-2023-53067
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: LoongArch: Only call get_timer_irq() once in constant_clockevent_init() Under CONFIG_DEBUG_ATOMIC_SLEEP=y and CONFIG_DEBUG_PREEMPT=y, we can see the following messages on LoongArch; this is because might_sleep() is used in a preemption-disabled context. [ 0.001127] smp: Bringing up secondary CPUs ... [ 0.001222] Booting CPU#1... [ 0.001244] 64-bit Loongson Processor probed (LA464 Core) [ 0.001247] CPU1 revision is: 0014c012 (Loongson-64bit) [ 0.... • https://git.kernel.org/stable/c/b9c379e1d7e141b102f41858c9b8f6f36e7c89a4 •

CVE-2023-53063 – Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
https://notcve.org/view.php?id=CVE-2023-53063
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work In btsdio_probe, &data->work was bound with btsdio_work. In btsdio_send_frame, it was started by schedule_work. If we call btsdio_remove with an unfinished job, there may be a race condition and cause UAF bug on hdev. • https://git.kernel.org/stable/c/ddbaf13e3609442b64abb931ac21527772d87980 •

CVE-2023-53062 – net: usb: smsc95xx: Limit packet length to skb->len
https://notcve.org/view.php?id=CVE-2023-53062
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory contents. • https://git.kernel.org/stable/c/2f7ca802bdae2ca41022618391c70c2876d92190 •

CVE-2023-53052 – cifs: fix use-after-free bug in refresh_cache_worker()
https://notcve.org/view.php?id=CVE-2023-53052
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix use-after-free bug in refresh_cache_worker() The UAF bug occurred because we were putting DFS root sessions in cifs_umount() while DFS cache refresher was being executed. Make DFS root sessions have same lifetime as DFS tcons so we can avoid the use-after-free bug in DFS cache refresher and other places that require IPCs to get new DFS referrals on. Also, get rid of mount group handling in DFS cache as we no longer need it. This f... • https://git.kernel.org/stable/c/5a89d81c1a3c152837ea204fd29572228e54ce0b •

CVE-2023-53051 – dm crypt: add cond_resched() to dmcrypt_write()
https://notcve.org/view.php?id=CVE-2023-53051
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: dm crypt: add cond_resched() to dmcrypt_write() The loop in dmcrypt_write may be running for an unbounded amount of time, thus we need cond_resched() in it. This commit fixes the following warning: [ 3391.153255][ C12] watchdog: BUG: soft lockup - CPU#12 stuck for 23s! [dmcrypt_write/2:2897] ... [ 3391.387210][ C12] Call trace: [ 3391.390338][ C12] blk_attempt_bio_merge.part.6+0x38/0x158 [ 3391.395970][ C12] blk_attempt_plug_merge+0xc0/0x1b0 [... • https://git.kernel.org/stable/c/dc2676210c425ee8e5cb1bec5bc84d004ddf4179 •

CVE-2023-53045 – usb: gadget: u_audio: don't let userspace block driver unbind
https://notcve.org/view.php?id=CVE-2023-53045
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: don't let userspace block driver unbind In the unbind callback for f_uac1 and f_uac2, a call to snd_card_free() via g_audio_cleanup() will disconnect the card and then wait for all resources to be released, which happens when the refcount falls to zero. Since userspace can keep the refcount incremented by not closing the relevant file descriptor, the call to unbind may block indefinitely. This can cause a deadlock duri... • https://git.kernel.org/stable/c/132fcb460839a876f5bc8b71bede60f8d0875757 •

CVE-2023-53044 – dm stats: check for and propagate alloc_percpu failure
https://notcve.org/view.php?id=CVE-2023-53044
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate alloc_percpu failure Check alloc_percpu()'s return value and return an error from dm_stats_init() if it fails. Update alloc_dev() to fail if dm_stats_init() does. Otherwise, a NULL pointer dereference will occur in dm_stats_cleanup() even if dm-stats isn't being actively used. • https://git.kernel.org/stable/c/fd2ed4d252701d3bbed4cd3e3d267ad469bb832a •